Adding Debian security repos to LMDE sources

Archived topics about LMDE 1 and LMDE 2
Locked
jimk4003
Level 1
Level 1
Posts: 4
Joined: Thu Jan 10, 2013 2:14 pm

Adding Debian security repos to LMDE sources

Post by jimk4003 »

Hi All,

I have recently converted to LMDE from Ubuntu 12.10 and 12.04 before that, and must say I'm enjoying the LMDE experience so far. I do have one query regarding how LMDE/ Debian in general handles security updates. Apologies if this is a noob question, I have read around the forums a bit and can't quite find the answer to my query.

I understand that LMDE organises the rolling release Debian testing branch into Update Packs which are then periodically released. The main benefit of this being, as I understand, that any potential bugs/ breakages from the Debian testing branch can be ironed out before being pushed out to unsuspecting people like myself. Conversely, I understand that a downside to this approach is that security updates can be slower reaching LMDE than they are reaching the pure Squeeze/ Wheezy branches.

My question, or rather questions, are as follows.

1) Can we get around the delay in LMDE security updates by adding the standard Debian security repo to the sources list, or is this a recipe for conflicts?
2) If we can, is it best to add the squeeze security repo "deb http://security.debian.org/ squeeze/updates main contrib non-free", or the wheezy security repo "deb http://security.debian.org/ wheezy/updates main contrib non-free"
3) Is there any merit in adding both repos? As I understand it the Debian Security team primarily provides support for Debian Stable, and then for Debian testing (http://www.debian.org/security/faq#testing). Are there therefore likely to be security patches in stable that have not been added in testing, or have a read this all wrong?
4) Taking answers to the above into account (sorry, I'm getting there, I promise) am I likely to encounter issues with a sources list that currently looks like this:

deb http://mirror.tuxis.nl/packages/ debian main upstream import
deb http://www.mirrorservice.org/sites/debi ... ian/latest testing main contrib non-free
deb http://www.mirrorservice.org/sites/debi ... t/security testing/updates main contrib non-free
deb http://www.mirrorservice.org/sites/debi ... multimedia testing main non-free

deb http://ftp.us.debian.org/debian testing main contrib non-free
deb-src http://ftp.us.debian.org/debian testing main contrib non-free
deb http://repository.spotify.com stable non-free
deb-src http://repository.spotify.com stable non-free
deb http://security.debian.org squeeze/updates main contrib non-free
deb-src http://security.debian.org squeeze/updates main contrib non-free
deb http://security.debian.org wheezy/updates main contrib non-free
deb-src http://security.debian.org wheezy/updates main contrib non-free

Apologies for the long-winded first post, any guidance would be appreciated.

Many thanks,

Jim
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
zerozero

Re: Adding Debian security repos to LMDE sources

Post by zerozero »

hi :) welcome to the forums

the way you're planning to do it is a recipe to disaster; you either stay in the update-packs flow (latest or incoming, one or the other, the one that suits you better) or you go all the way to testing (or sid); playing in-betweens as you are thinking is a no-go.

regarding the main issue (security) i think you should start here http://forums.linuxmint.com/viewtopic.php?f=197&t=91405 (S2 -Q1)
from there to here http://forum.linuxmint.com/viewtopic.ph ... 60&start=0
and then here http://forum.linuxmint.com/viewtopic.ph ... =0#p491421
and from there finally here http://forums.linuxmint.com/viewtopic.p ... =+security

feel free to ask.
jimk4003
Level 1
Level 1
Posts: 4
Joined: Thu Jan 10, 2013 2:14 pm

Re: Adding Debian security repos to LMDE sources

Post by jimk4003 »

Thanks zerozero,

That's a great help. Looks like you helped me dodge a banana skin there!
cwwgateway

Re: Adding Debian security repos to LMDE sources

Post by cwwgateway »

zerozero is very right, and I believe that when UPs were originally introduced, they still used the Security and Multimedia Repos, but they caused problems (I'm not completely sure though, as that was before my time with LMDE :) ). I believe that the LM team would update any packages that have significant problems, but overall the UPs are behind on security. Personally, I find that stable gets updates basically ASAP, and Debian is very good at patching all of that stuff. While Testing has a security repo and sid doesn't, it's my understanding that security updates enter sid before testing in most cases and the updates follow the standard migration requirements (10 days old, no release critical bugs, etc). However, I think that if there are significant vulnerabilities, the Debian security team will "skip" this process and move them directly into the security repo.

You can usually apt pin packages from newer releases if absolutely necessary (but only if absolutely necessary), although I'm very guilty of breaking this guideline :lol: . I pin AWN and compiz from Sid and iceweasel and icedove from experimental on my testing installs and use a few too many backports on my stable installs. For certain packages it will work out, but probably not to the extent I do it, although iceweasel 18 works great on Debian while firefox 18 for windows is broken :lol: . I can't open it any more after the update on Windows, so I feel somewhat better about pulling important packages from experimental. Anyways, the point is that in specific cases where you're willing to risk breakages and it is absolutely critical that you have the version in some other release, you can use apt pinning to install it.
Locked

Return to “LMDE Archive”